Hi, everybody. Welcome to DEF CON 21.
Woo!
Yeah.
Yay!
I've already lost my voice. Who else? Anybody?
So, we wanted to have an opening speaker this morning
that I feel like could handle the heat of the moment out there going on right now.
Invited a former Fed up here.
He's used to dealing with North Korea as special envoy for the United States,
so I think he can handle the heat we can give him here.
Also, Joseph Detroni, Ambassador Joseph Detroni,
was recently Director of Nuclear Nonproliferation for the United States,
and he's now President of INSA.
So, I think it's really interesting to hear him talk today
about the convergence we're seeing between cyber and nuclear.
So, with that, everyone give Joseph, Ambassador, a warm welcome.
Thank you.
Thank you, Nico.
Thank you, Nico.
It's an honor being here.
I have to be very honest.
It's a bit intimidating to be here.
I'm impressed with all the work you do.
I met some of your colleagues yesterday.
Nico was nice enough to take me around,
and the work you do is very, very impressive.
I've spent 10 years, as Nico mentioned,
working weapons of mass destruction issues,
a lot with North Korea, but a number of other countries.
As we look at weapons of mass destruction, nuclear,
what was that?
I'm sorry, nuclear, bio, and chemical.
I thought today maybe I could talk a little about that,
and then sort of weave that into some of the work you're doing,
where you have the expertise, and that's the cyber domain.
So, please, bear with me, and then maybe we could open up
for a discussion or some questions,
and I'll be telling you a lot what you know.
But let me start off talking a little about weapons of mass destruction.
But I'll sort of prelude that by giving you my side of the story.
I'll start off by giving you my sense of what, again,
you know better than I, that cyber is a major national security threat
to this country, to our citizens, to our companies,
a threat that's growing in scope with direct impact
to the economic, domestic, and defense interests of this nation.
From hacktivists with a politically or socially motivated agenda
to criminals to state and non-state actors
who view cyber intrusions and attacks
as a means of economic advancement,
and we see a lot of that,
through theft of intellectual property,
and we've been reading a lot about that,
or espionage, or, in the most extreme case,
as a potential weapon of mass destruction.
The cyber domain now shares some of the same issues
I've addressed in my many years working
weapons of mass destruction issues.
Let me talk a little about weapons of mass destruction.
The Non-Proliferation Treaty, NPT,
and the International Atomic Energy Agency
were established to address nuclear issues
with significant international membership
that, interestingly and unfortunately,
doesn't include four of the nine nuclear weapons states
as members of the NPT.
The reality is that the number of nuclear weapons states
could increase significantly if North Korea retains
and enhances its nuclear weapons capabilities.
And Iran pulls back.
Iran pulls the trigger and manufactures nuclear weapons,
which they could do in a few months
once the Supreme Leader, Khamenei, makes this decision,
which some say is inevitable,
despite the election of Rouhani as the new president.
These two events, in my view,
will incite an international nuclear arms race
with countries like Japan, and South Korea,
and East Asia, and Saudi Arabia, Turkey,
and Egypt, and the Middle East,
each seeking
to obtain their own nuclear weapons capability.
This is the nuclear threat
the international community confronts today,
in addition to the real threat, and I emphasize this,
to the real threat of nuclear terrorism.
Non-state actors getting their hands on nuclear devices,
which we know they want.
That's why these organizations,
the NPT, the Non-Proliferation Treaty,
IAEA, International Atomic Energy Agency,
the monitors of these agencies and the inspectors
at Iran's nuclear sites at Natanz, Qom, Fodor,
do such outstanding work.
Unfortunately, North Korea pulled out of the NPT.
The only country, I might add, that pulled out of the NPT.
So, and they did that in 2003.
Thus, there are no IAEA monitors, inspectors in North Korea
looking at their facility at Yongbyon,
and any other undeclared facilities in North Korea.
Indeed, membership in the NPT
and compliance with the IAEA safeguards
helps to ensure that a nuclear arms race does not,
I emphasize that, does not materialize,
and that countries like North Korea
dismantles its nuclear weapons
in exchange for promised security assurances
and international legitimacy, and Iran renounces,
I emphasize, it renounces the pursuit of nuclear weapons
and overtly pursues the peaceful use of nuclear energy
while also ensuring that those other nuclear weapon states,
work hard to ensure the security of their nuclear weapons,
the security of their nuclear weapons,
because I mentioned nuclear terrorism,
and eventually join the U.S. in its goal
of a world with no nuclear weapons.
And the President has made that very clear, the objective.
And he said, most likely not in his lifetime,
but an objective, a goal.
Unfortunately, there are no international organizations
with the stature and effectiveness of the NPT and IAEA
to oversee this cybersecurity.
Additionally, the IAEA promotes the peaceful use of nuclear weapons,
the use of nuclear energy while also trying to inhibit
the use of nuclear for military purposes.
A few United Nations organizations,
some regional and national forums,
have discussed the future of internet governance,
but there has been minimal progress.
Indeed, the very definition of the cyber domain
remains blurred, but is certainly not confined
to the borders of any particular country.
As the Council of Foreign Relations' recent report
from the Independent Task Force on Cybersecurity noted,
addressing the challenge of cyberspace is a global matter.
And, quote, the effects of domestic decisions spread far
beyond national borders and will affect not only users,
companies, non-governmental organizations,
and policy makers in other countries, but also the health,
stability, resilience, and integrity
of the global internet, close quotes.
International approaches to cybersecurity are critical.
Yet, fraught with challenges of balancing free trade
with a global regulatory framework and protection
of intellectual property, promoting national security,
including the security of critical infrastructure,
and protecting privacy when national standards
on this issue differ across the globe.
Let me talk a little about the U.S. executive order
on improving critical infrastructure cybersecurity.
It's very explicit, and I think you're all familiar
with the executive order, explicit in stating that,
quote, the cyber threat to critical infrastructure
continues to grow and represents one of the most serious
national security challenges we now confront.
The national and economic security of the United States
depends on the reliable functioning of the nation's
critical infrastructure in the face of such threats.
It is the policy of the United States to enhance the security
and resilience of the nation's critical infrastructure
and to maintain a cyber environment that encourages efficiency,
innovation, and economic prosperity while promoting safety,
security, business confidentiality, privacy,
and civil liberties.
We can achieve these goals through a partnership
with the owners and operators of critical infrastructure
to improve cybersecurity information sharing
and collaboratively develop and implement risk-based standards.
That's the, that's a quote from the executive order.
In the global, you'll have a chance to ask some questions
and we can have a conversation.
In the information age, computers and the internet
are integral to every aspect of society, education,
healthcare, economic growth, no area is untouched.
Robert Naki, who's been here many times,
writing for the Council of Foreign Affairs states,
and I quote, the tremendous gains in economic productivity
over the past two decades are in the direct results
of the expanded use of the internet.
The communications, collaboration, outsourcing,
just-in-time inventory management,
and the control of industrial processes.
Internationally, the surge in global trade
in both goods and services that has taken place
could not have happened, emphasize,
could not have happened without internet
as an enabling technology, close quotes.
As with many peaceful and beneficial uses of nuclear power,
there obviously are many peaceful socioeconomic uses
of information technology.
I believe it would be a mistake, however,
to think that cyber presently can be used as a tool
to counter real or potential nuclear threat
as some have argued.
They cite Stuxnet and its reported effectiveness
in disabling, in disabling, a nuclear threat.
And I think many of you are familiar with that,
disabling a certain number of centrifuges in Iran.
If true, Iran probably absorbed the lost and moved forward
with the fabrication of even more sophisticated centrifuges
beyond the reach of any so-called cyber capability.
As stated in the aforementioned U.S. executive order,
cyber is the only way to control the world.
Cyber's true harmful capacity,
in addition to stealing intellectual property,
is its potential to attack a country's
critical infrastructure, i.e., its grid, water supply,
aviation safety systems, communications, financial systems,
things you're all very familiar with.
It's attacks of this nature that makes cyber
as potentially harmful as those of biological
and nuclear attacks, and therefore,
must be approached with equal seriousness
and focus on prevention.
Theoretically, any country or person or organization
can conduct such attacks.
Assuming knowledge and capacity.
That's not the case with nuclear.
Given the finite number of nuclear weapons states
and the likelihood that if they use, and I emphasize this,
if they use nuclear weapons against another country,
they in turn would be attacked.
MAD, mad, mutual assured destruction.
Having nuclear weapons is a real deterrent
to a nuclear attack.
This isn't necessarily the case with cyber.
If an event occurred, one can assume
who the cyber perpetrator was,
but the forensic fingerprints is less apparent.
Thus making such an attack potentially more attractive
to an aggressor.
I cite the recent cyber attacks against South Korea,
Saudi Arabia, Georgia, and the United States.
Their impact was devastating.
This is not the case with nuclear, as we mentioned.
And for that very reason, for that very reason,
more must be done to ensure that cyber technology
is not used for harmful purposes.
The challenges for the international community
and its respective governments, in addition to using
cyber more effectively for peaceful, socio-economic,
and economic purposes, is to help create the firewalls
necessary to prevent hostile cyber attacks
from stealing a country's and a company's intellectual property
or for attacking a country's critical infrastructure,
as we mentioned.
While also addressing the international challenge
of agreements on policies that protect free trade
and international governance of the internet.
This is the challenge and responsibility
confronting the international community.
Moreover, cyber technology generically can be used
to prevent countries, can it be used to
prevent countries and non-state actors from establishing
and sustaining illicit programs while each nation state
doctrinally is studying the role of cyber
for military conflict.
In my view, the cyber issue requires NPT and IAE type
international organizations that oversee, manage,
and help to control the use of cyber.
Organizations that not only monitor the use of cyber,
but encourage the peaceful use of cyber,
and permit and aid other countries,
as we do in the nuclear field, other countries,
to benefit from these technological advances.
Indeed, the need for an international cyberware treaty,
similar to the banning of chemical
and biological warfare agents post-World War I,
after we realized the terrible damage
that it caused in World War I.
I believe the nuclear issue requires enhanced focus,
I'll go back to the nuclear issue, this is my area, focus,
ensuring that North Korea gives up its nuclear weapons.
And Iran unequivocally renounces
the pursuit of nuclear weapons.
These developments and the progress the U.S. and Russia
are making with the new start, as we know,
bringing the number down to 1,550,
the president just spoke about bringing it down to 1,000,
will put the international community on a road
towards a world with no nuclear weapons.
Robert Oppenheimer, the father of the atomic bomb,
understood the need to move in this direction.
When he observed that the first detonation of a nuclear device
on July 16th, 1945, citing Hindu scripture
that, quote, I am become death, destroyer of the world.
We have the opportunity and the obligation to move
in a different direction.
Not to destroy the world, but to enhance it.
Most of you are experts in the field
of information technology.
You understand the cyber domain.
You understand its beneficial impact on all our lives.
You also understand the harm it can cause,
if used improperly.
Indeed, we look to you to develop better tools and to help
policies, and I emphasize this, policies to fortify
and protect our networks.
We look to you to develop more secure systems,
to help discover terrorist plots,
to uncover human trafficking, narco criminals,
corruption in WMD programs.
We look to you to inspire others,
to organize and enlist good hackers,
to help combat the sinister hackers
who steal intellectual property.
Disrupt networks, interfere with communications,
banking, and critical infrastructure.
Our private and public sectors need your help,
need your expertise to serve society.
Using technology wisely has always been the measure
of an enlightened society.
The security of our nation needs you, the good hackers of DEF CON.
I'll end on that, and maybe we can open it up to discussions
or some questions or wherever you want to go.
Thanks.
Any questions?
Please, sir.
I'm sorry, we have a question here.
Please go right ahead.
I'm a cyber cyber.
I'm a cyber cyber.
I'm concerned that we have a whole system
or a tool of slavery.
And I'm worried that when we see on our computer
Intel inside, I'm worried about the NSA being on the computer
chips on our computer monitoring this tool of slavery.
Yeah, I, do we want to take this or do you want to ask, do we want to take this question
first?
Repeat the question.
Repeat the question.
All right, well, I'm going to repeat the question.
I'm going to repeat the question.
Monitoring by the government could be a tool of repression, and the assurance is necessary
to ensure that the government is not doing, I assume that's the question, is not doing
that.
Well, let me tell you, I've been working WMD for ten years.
Ten years.
I've been working North Korea, I've been working a lot of other issues.
I've been working a lot of other issues if it relates to weapons of mass destruction.
I can tell you this.
If you want to get to what we've been talking about, the Snowden disclosures and so forth,
my exposure to that is what you've been exposed to, is that those programs, those programs
were authorized by the three branches of government.
Those programs, those programs, the three branches of government provided oversight
of those programs, and those programs were established post 9-11 when we saw the devastation
of 9-11.
And when we saw what the terrorists did.
The terrorists were coming and what their intent was.
So you have the three branches of government authorizing it, you have the three branches
of government overseeing it.
That's what it was.
And they've been effective according to the record.
The fact of the matter is, a decision has been made to make this more overt and more
of a discussion.
I don't pretend to be an expert, I have the knowledge you have.
But I think you have to have an open mind.
If there is a discussion, participate in that discussion in a meaningful way.
Listen to the.
Let me.
Let me finish my statement.
Do it in a meaningful way.
Listen to the both sides of it.
Listen to what the threat is.
Listen to what they're doing.
Because everything I've heard, they're not getting into anyone's mail, they're not reading
anything, they're not touching any U.S. person.
This is not directed at U.S. persons, not U.S. citizens.
This is looking at foreign terrorist threats to the country.
So look at the facts and then draw your own conclusions.
But there will be a discussion on that.
I don't think so.
Okay.
Well, I guess that's why I read the same media.
You have access to the media.
The media said there is.
That's going to be more of a discussion.
No, what I'm talking about, being there, there are no.
The question is putting up firewalls.
When I say putting up firewalls, how do we protect?
Because the Internet has no borders.
It's global.
How do companies protect their intellectual property?
How do governments protect their critical infrastructure?
Putting up firewalls, looking at securing networks, doing what's necessary to ensure
that we are protecting our intellectual property, we are protecting our critical infrastructure.
No, no, no, it's not.
You misunderstood.
I was talking about.
No, I'm not talking about nation state.
I'm talking about international organizations.
I mentioned the IAEA.
That's an international organization.
I mentioned the NPT.
That's an international organization.
That's what I'm talking about.
Creating organizations that oversee this.
Because this is a global issue.
It's not a nation issue.
It's not a country-specific issue.
This is a global, international issue.
Creating these international organizations that will do exactly that.
Because of the concerns you have, and you have ‑‑ there's valid concerns.
Both of your questions are very valid.
Sir?
Yes?
I want to say thanks for coming in today.
Thanks.
My biggest problem right now is that technology is moving so much faster than policy.
Policy is being dictated by old white men in Washington that have no dog in the hunt.
Therefore, their vote is up in the grass for whatever special interest group is given
to be the high bidder.
So you have these people like Eric Schwartz who are hounded and persecuted for something
that is in the grand scope of things in terms of nuclear proliferation, things like that.
Our Berkeley meeting was in comparison.
And they're, you know, they're not going to do it.
They're hounded until, you know, something horrible happens, like they end their own life
because of these.
And that's the problem I have is that we have all these people that are making policy
that don't understand the qualities that they're dictating and the outreach that they have.
That's very good.
The question from the gentleman is the policy that's being made by individuals who don't
really understand the impact and the consequences of making that policy and, indeed, inhibiting
and possibly persecuting individuals who want to move forward on that.
Let me just say that's why you all can make a difference.
You have the expertise.
And you're not all old white men.
Look around.
You can make the difference.
You can get involved.
You've got to.
You can have that impact.
Now, you can have that impact also with your representatives.
Because this is a representative government, right?
It's a republic.
Make your impact with your representatives.
And also get involved.
And the issues.
I can't emphasize that enough.
Guys, we have a microphone now that we can use for Q&A.
So if you could form a line over here.
I would just sort of .
Sure.
A lot of people that are in the security research division, when they use some document,
when they have to cover some sort of security law, right now they have to watch their back
.
And if they're doing it, they would be with optimistic intentions.
Okay. Can I ask a favor of you? If you would be kind enough, sir, to come up
and use the mic. I think the lady is absolutely right so everybody can hear it.
Sorry. I was just going to say that I appreciate your response. The only thing
I was going to say was that in the security research division that we have right now,
the way it is, the way things are right now, if someone uncovers a security flaw, they
have to watch for government prosecution for being sued by Cisco or some other company
because they're uncovering a flaw and they're making public knowledge of a security issue.
And it's not really in their best interest to, like you said, to participate in that
theater because they're basically opening themselves up to attack.
Yeah. Look.
I think, look, the only thing I can say, and I don't pretend to be an expert, this
is really, you know, cyberdomain is not my area. But my sense of working issues that's
somewhat related because I see cyber as being potentially a weapon of mass destruction when
you look at the consequences and the need to sort of get hold on it in a global sense.
I cite the IEA. I cite the NPT. This is something that we have to come together on and we have
have to do it quickly. Further to your question, that's exactly it. I mean, so that when we
find individuals find fault, they look at networks and they look at ‑‑ they shouldn't
be intimidated by that. They should be rewarded for doing that, to protect intellectual properties,
to protect infrastructure and so forth. That's all positive. So I think what you say makes
sense and I think working as a ‑‑ you know, not necessarily as a team, but certainly
as a team, but galvanizing that ‑‑ and look at what you have here at DEFCON. Yesterday
you had Black Hat. Cyber, that whole cyber issue has a lot of traction. This is the time
to come together on that, working with representatives, getting involved, getting involved with, you
know, let me just say, and I know this sounds trite, but getting jobs with the private sector,
many of you are doing, getting jobs with the government, many of you are doing, getting
very much involved so you become the new culture. And it's not just, as you described, those
old white ‑‑
White men that are making these decisions and so forth. You become and you move us in
this new domain, which has significant consequences. So I think your questions are very good. Thank
you.
So I'm not really sure why you're here because you don't ‑‑ and you said you're not
an expert on anything you use the word ‑‑
I'm sorry, I didn't hear you.
I'm not really sure why you're here, but since you are here and talking about weapons of
mass destruction ‑‑
I'm here because ‑‑ no, excuse me. I'm here because I'm invited.
Okay.
That makes sense. Don't you understand that?
Sure. Well, the point being, we just spent ten
years ‑‑
Ten years killing 100,000 people in Iraq for weapons of mass destruction, which appears
to be your expertise. And I'd like your comments on the lies that got us into that, where people
like you came out with the propaganda that there were weapons of mass destruction everywhere,
that they were imminent to be used, that they weren't there, and that all of that government
propaganda was lies. And why shouldn't we consider that what you're saying now is lies?
You know, let me answer your question.
Because I don't think the Feds tell the truth and I think we should fuck the Feds.
Let me answer your question. You can assume whatever you want. If you want to be blind
‑‑
I'm listening. I'm not assuming you're listening.
You can assume whatever you want.
And there is a public record in the U.N.
Let me finish. You can assume whatever you want, but if you want to be blinded to what's
happening ‑‑ you want to be blinded to the terrorism threat. If you want to be blinded
to ‑‑
You laugh? You're not concerned about terrorism. 9-11 was not a reality?
Was 9-11 caused by weapons of mass destruction? Why did we go to Iraq and kill all those people?
The government told us it was because they had weapons of mass destruction. We used depleted
uranium shells on the city of Fallujah and have a 50% death rate of the burst and a 30%
Sir, let me just say something. In my presentation this morning, I was not talking about Iraq.
But that's what we want to talk about. Okay, that's fine you want to talk about it.
The fact of the matter is, and I'm not going back to history on this either, because I
think the record is very clear that Saddam did not have weapons at that time and I think
the government has said that very clearly. The fact is when you go back to the first
Gulf War, when you go back to what Saddam was doing,
When you go back to what Saddam was doing, when you go back to what Saddam was doing,
when you go back to his plans, when you go back to some of the scientists who were working
on it, Saddam was pursuing it years before that. At the moment, at that time, no. And
I think the record is clear on that. But the fact of the matter is, that should not blur
you to the fact of what's going on in Syria with chemical weapons. That should not blur
you to the fact that if Iran goes forward with nuclear weapons and North Korea retains
those nuclear weapons, it shouldn't blind you to the fact that terrorist organizations
are trying to get their hands on this material. That's a reality.
And the reality that the government is lying about those things.
Well, if you want to believe the book.
The threat may be there, but the government is lying and covering it up.
You could believe what you want, but I can tell you this. You have a lot of dedicated
Americans working these issues who care about the safety of American people, who care about
the safety of you and all of us in this room here, and spend time doing that because we
know what the threat is, and we're trying to communicate that. Now, if you don't want
to hear that, if you don't want to be oblivious to it, that's your business. But there are
a lot of people putting their lives on the line to protect all of us in this room.
Thank you for being here. I think this is a question you don't need to answer,
but who participated in creating the speech? I'm sorry?
Who participated in creating the speech? What speech?
Like the one you just gave. I did.
Only you? Only me.
Okay. Thank you.
You mentioned Iran at the beginning of your speech. You said that they were months
away from creating a nuclear weapon. Considering that we've been hearing that for the last
30 years, most particularly in the last eight years, and it hasn't happened, why should
we believe you now when you've been so wrong in the past?
So let me ask all of you to do something. And I know you're all very smart people,
and you really have cyber, and you search the Internet. Go on to the Board of Governors'
Director General of the IAEA, Amano. Every three months, he does a report to the Board
of Directors. Go to the May 22nd, 2013 report and see what the IAEA, independent organization,
says about Iran's program, about the 17,000 centrifuges, about the sophistication up to
the IRFAR centrifuges, about 180, now it's 190 kilograms of uranium enriched to 20% purity.
And we know the red line being 250, and we know the red line being 250, and we know the
red line being 250. We know to go from 190 to 250, of the six tons, six tons of uranium
enriched to 5% purity, we're talking about five to six weapons. Talk about what the
IAEA ‑‑ it's not what I'm saying. It's not what the U.S. government is saying. It's
what the intelligence ‑‑ it's what the IAEA is saying. Read that report and the
ones that preceded it, and the new one is coming out in a few weeks, and then draw
your own conclusions. We have all these reports going back years
and years and years. Every year it's a scary report about Iran.
I'm sorry. I didn't hear you.
Every year there's a scary report about Iran developing nuclear weapons, and they've never
developed nuclear weapons. We're not talking about them developing.
We're saying they have the capability, and they're at a tipping point, and if they make
a decision, they could do that. They could do that within months. Hopefully they don't
make that decision. Hopefully that isn't, because it will open up some suspect, ISS
as a person, that that would open up an arms race in the Middle East. Because I don't think
countries are going to sit there. When you look at the Sunni, Shia aspect to it, it's
not going to happen. When you look at Iran's support to Hezbollah, when you look at what's
going on in Syria, I think that would be a concern. And let me put it very bluntly. If
you're sitting in Israel, Iran with nuclear weapons is indeed an existential threat. So
you've got a lot of factors there that you're considering.
I'm sure for the Iranians, Israel in possession of nuclear weapons is a far, far greater existential
threat than the threat that Iran might develop nuclear weapons sometime in some undefined
future. Especially, you know ‑‑
Just read the board of directors. You draw your own conclusions. I'm making my own assessment.
Have you read the board of directors' report? I have not.
Have you read any of their reports? Even if he accepts it, though, he's saying
that he trusts other states less. So even if he accepts that they're doing it.
Accepts they're doing what? Accepts that Iran is making those.
I'm sorry. I'm not following your logic. I'm sorry.
I give up.
Okay. I'm sorry. I think the way that you're approaching the cyber issue is wrongheaded
and misses the point.
So we don't need an international ‑‑ No. But I think I can tell you, you talk
about protecting our nation's grid and so on. If our nation had a power grid that was
robust, you wouldn't need firewalls protecting other people or protecting us from other people.
We need to make what we have secure.
No, then this talk about monitoring the world's cyber, which is pretty ridiculous because
it can't be seen. The things that you're talking about might work when people have to haul
weapons around the world. Might work when there are actual problems like you could drop
a bomb on this. But if the grid is robust, the grid will be robust even if people are
poking at it. What we need to do to be secure is to be secure in and of ourselves and stop
playing this game like we're mad. We're going to be mad starting next week. Nevermind your
We can control the world like we can see cyber and it's some sort of weapon we can stop.
It will never work.
I would ‑‑ Well, let me just say, if we could make
our systems robust as you just described, whether it's our corporations that are losing
intellectual property, and we just saw that in South Korea, we saw it in the United States,
we saw it in Saudi.
If these companies can ensure that their systems are secure so that these bad hackers can't
get into them or individuals or governments can't do that, that is fine.
If we could come up with the grids that are impenetrable, that would be great.
That's your challenge.
That's our challenge here to do that.
The fact of the matter is we see vulnerability.
We internationally ‑‑ I'm not talking about any particular country.
I'm saying ‑‑ you know, Saudi Arabia is not the United States.
South Korea is not the United States.
These countries are being affected and so forth.
So if we can collaborate ‑‑ that's what I'm talking about.
That's what the U.N. is about, isn't it?
You can collaborate on offering people technologies that they can use to secure their own systems,
but there's no possible way ‑‑ Then we need to move forward on that.
Thank you.
This is what I'm trying to say to you, though.
The words that you're using to us, we recognize to be counterproductive.
You want to put a firewall around this to keep these people safe, to help these people.
Well ‑‑
There are things that we could do to help these companies to be secure.
Then that's your challenge.
Now you're interrupting me.
I'm trying to say to you that the words you're using to us are ones that are guaranteed to
pretty much make this conversation less effective, and we would be willing probably in a lot
of ways to help, but the old world terms of firewalls and monitoring, they just don't
apply.
If you want to know what would work, then ask us.
How you should be set up.
Don't talk to us about working like the IAEA.
Ask us ‑‑
Well, let me posit this to you.
Let me posit this to you.
I'm giving you my experience working weapons of mass destruction.
You're the expert on ‑‑ obviously you're the expert on cyber technology, information
technology.
Move forward with what you just proposed.
No, no, let me finish.
No.
Move forward with what you just proposed.
Move forward with what you just proposed.
Move forward with what you just proposed.
Go out and work with these companies and do it.
I know many of you are doing it, that's the challenge.
And that's the challenge I mentioned to you and all of us in this room a few minutes ago.
You're the experts, go out and do what you're talking about.
Well, I hope, I didn't want to offend you with the things.
I don't use the same terminology because you're the expert in the area of cyber information
technology.
I don't pretend to be.
I'm using terminology I'm comfortable with, with weapons of message.
If it's not applicable in your area, I think it's the intent, it's not the words.
No, the intent.
Well, I say yes, you say no, we disagree.
Maybe I could help, because I see that your intent, I get that you want to do these things,
but the things that you're saying are sort of incorrect for the area.
And if you just want to say my intents are good, I mean it from this, I've got this experience,
then okay.
But when you put it that way, it's not going to work as well.
So you mentioned that we should use our skills to participate more and use our knowledge
to help educate our representatives, et cetera.
I know I've done a lot of lobbying on things like SOPA and stuff like that,
and it seems like the corporate interests largely have captured our representatives.
What do you feel about the role of?
How do you feel about the role of hacktivism and using our skills directly in modern democracy?
Excuse me, in the what?
In a modern democracy, like we have here in the United States.
I'm not hearing the end of your sentence.
So how do you feel about the role of hacktivism or using our skills directly to influence behavior,
corporations, protests, et cetera, as opposed to working through the traditional channels of government?
Well, yeah, I mean, working, I mean, many of you I'm sure are working with the private sector.
I mean, I think this is a cyber is one of the best.
The major issues affecting our property, because we're talking about intellectual property
and the billions of dollars, the billions of dollars that are being stolen from the corporate sector,
not only in the United States, obviously, but globally, internationally, yes.
So getting involved with these companies to do that, to protect that, yes.
I don't feel like you really answered the question, but.
Okay, so are you familiar with a group called Anonymous?
Sorry?
I used the word.
I used the word.
It's called disobedience.
Okay.
Basically, my question comes down to, it seems like working through the corporate structure,
we're only reinforcing a structure that is working against us largely in terms of trying to keep information secret.
Well, you know, let me say, I heard you said Anonymous, and I got your question.
I'm talking about intellectual property.
I'm talking about the many companies I think some of you probably are involved with that are losing intellectual property,
but not only in the United States, globally.
And we're talking about billions and billions of dollars.
We're talking about that.
So that's one aspect to it.
And there are other aspects, too.
You mentioned Anonymous.
Someone mentioned Anonymous there.
Go forward.
Do what you have to do.
I'm talking about intellectual property.
I'm talking about critical infrastructure.
That's my focus.
Your focus is a little different?
That's fine.
In your opinion, how has the NPT nonproliferation regime been impacted negatively, I guess how much,
by regulation?
I mean, what are some of the things that the NPT has done to try and regularize civil nuclear relations with India?
Well, the NPT, we would like countries to be members of the NPT, and if you heard my comments there,
there are four countries that are not members of the NPT, right?
Yeah.
And that's unfortunate.
We would like to see all countries become members because of safeguards and additional protocols.
That's exactly right.
So non-membership in the NPT, because it affects the IEA and the monitoring aspects, is a negative development.
We would like countries to be part of the NPT.
So my question is,
is the act of the United States regularizing our relationship with India's civil nuclear regime actually working against the NPT?
Well, that's a bifurcated issue, right?
Because the U.S. has decided there is a civilian program and there is a military program in India.
And a decision was made by the previous administration to deal with India in a bifurcated way.
Okay.
It seems like it's giving up one of the big carrots that the NPT has.
Well, I mean, countries like North Korea cite what you just cited.
And that's a reality there.
But we see India as a democracy, a country that is using civil nuclear programs in a meaningful way.
And that's the bifurcation.
Okay. Thank you.
Hi there.
Two things.
The first one, a shout-out to DEF CON for closed captioning there.
I think that's fucking cool.
So yay, DEF CON.
.
And then the second thing is I guess I'm a little perplexed because it seems that in terms of resources that the government spends in terms of dealing with cyber warfare,
it's always through the lens of state agents.
That's the threat.
And it seems to me that there's billions lost every day by people who are victims of cyber crimes.
And that the NSA's mandate, for instance, doesn't at all deal with that.
And that the government resources don't at all seem to address this.
Yet to me, and maybe I'm wrong, but it seems to me that that is proportionally in terms of its economic impact on the U.S.
and other Western nations, the much bigger threat.
Thanks.
Well, those are fair comments.
And we need to, you need to get involved.
And all of us need to get involved.
It's a multidimensional threat.
I think you just cited that.
Ambassador, I'm wondering what you think the prospects are for restarting the six-party talks around North Korea,
especially given it seems that most of the major players continue to fail to recognize the importance of signing a permanent peace treaty six years after the war.
I think it's a good question.
I think it's important to get back to negotiations with North Korea.
I think North Korea now has indicated with the new government, Kim Jong-un, that they're prepared to address the denuclearization issue.
It's not a question of nonproliferation.
It's a question of denuclearization.
They're prepared to look at and consider the 19 September 2005 joint statement that spoke to comprehensive denuclearization in exchange for security assistance and economic security assurances and economic assistance.
So I think those are positive.
I think the concern of immediately coming back to the six-party talks is how sincere is North Korea with this approach.
And I think if North Korea continues to be sincere, as they say they are, and they're saying this to China certainly and publicly now,
and cease and desist with more threats and attempts to intimidate and nuclear tests and missile launches,
I think the sense is that the negotiations will resume because we need to be successful with North Korea.
We need to be very, very successful.
And I think we can accomplish that.
I absolutely agree with that.
That's why I asked about the peace treaty in particular.
Maybe it's time for a fresh approach or a different set of eyes because it seems like whatever's been tried before just hasn't worked.
Yeah.
Well, that's a very fair point.
That's a fair point.
And this is exactly being reviewed.
No one wants to go back to talks like that.
Not for the sake of talks.
Because as we've been talking, you know, North Korea has gone from six to 12 nuclear weapons.
We believe they have a uranium enrichment program that's also fabricating weapons.
We see nuclear tests, missile launches.
Now they put a satellite in orbit.
The trajectory has gone the other way.
So what we want is talks, not for the sake of talks, but an implementation of a program that would lead to success.
And my personal view is I think with the assistance, certainly the six parties coming together, the five countries with North Korea,
and certainly China being very, very much involved with North Korea, an ally.
I think we will see progress.
Thank you.
Hi.
You compared cyber to chemical weapons in World War I.
What do you see as the parallels there?
No, no.
It wasn't comparing.
What I'm saying is when we saw the devastation of biological weapons, chemical weapons, the international community rose up and said,
my God, we have to sort of understand this and work together as a community.
Not just as a community.
Not countries.
But as an international community globally working together.
And that's why we have these international protocols on the biological weapons convention, the chemical, and the same thing with the nuclear.
Where the international, this is not a country-specific issue.
It's a global international issue.
And I think we all admit, you're the experts, again, cyber is not a country-specific issue.
It's a global issue.
I don't want to speak for people here.
But I suspect their response would be that there's simply too many,
too many non-state actors for a massive.
That's a fair point.
That's why it's a difficult issue.
That's a difficult issue.
It's a challenge.
Okay.
Peace.
Thank you.
Okay.
Any other positive comments?
Any other good questions?
Actually, no, no.
We need to get the next speaker.
Okay.
We got the next speaker.
So good luck.
And thank you.
And look, use that energy, use that expertise and help this government work with the international
community so that we do counter the potential threat and use it in a peaceful, meaningful
way, which it is.
So you are the experts.
So good luck to all of you.
